Since it’s Social Media Day today, there is likely to be an increased
focus on the impact of social media and the way it is used by businesses across
the world.
Social media use has skyrocketed for businesses all
over the world, with many companies using it as a way of strengthening their
brands and reaching out to new and existing customers.
It’s clear that social media is likely to continue
its popularity with businesses although, in an age where information security
has never been such a pressing issue, there are still questions that need to be
addressed.
1. Is social media really a threat to
security?
The threat posed to security by social media is
nothing new. A report released by Cisco in 2013 claimed mass audience
sites, which include social media, pose a significant threat to information
security.
One obvious threat is the potential for blurring
the line separating personal information and company data, particularly when a
user is using a social media account for both personal and work purposes.
This risk may be underestimated by workers, many of
whom may believe their social media accounts are not carrying anything of
interest for cybercriminals, but it can still be used as a portal into a
company’s wider network.
2. So is social media a weak spot?
Potentially. The use of phishing to compromise email accounts has been well-documented, but they can take on a new dimension when combined with social media.
For example, if cybercriminals can compromise a LinkedIn account, they can potentially fool others on the
network into thinking they are genuinely one of their coworkers, opening up the
possibility of handing over sensitive information.
3. But if they don’t get that far, there’s
nothing to worry about?
Not exactly. Social media output is a key component
of a brand’s overall image. If a cybercriminal manages to compromise one of
these channels it could prove damaging.
For instance, in 2013 a hacker was able to gain access to the
Twitter account of Burger King and then used it to display the
McDonald’s logo, along with explicit obscenities. Similarly, it’s not exactly
reassuring when someone like Mark Zuckerberg has his social networks compromised.
4. What can be done to make things better?
Setting up a rigid social media policy to protect
company accounts is always a good a start.
A code of conduct for employees, as part of a wider cybersecurity program, can include the implementation of
strong passwords, with weak logins such as 123456 still all
too common.
Other potential points include monitoring engagement with brand mentions,
offering guidance on how to spot malicious software, implementing two-factor authentication, and ensuring that only brand-approved
content is shared.
Implementing a policy is particularly important for
businesses operating more than one social media account, although it is equally
important not to discourage employee participation as this will hinder the
benefits these platforms bring.
5. Is it the employer’s responsibility to
safeguard social media security?
Employers should always try to educate their
workforce on the potential dangers of social media as best they can, but
employees themselves need to remain vigilant.
For example, it’s important to be cautious of links
embedded in email messages, even if they appear to be from a social network
provider.
Always ensure links come from trusted sources. If
in doubt, connect to site’s URL directly by typing it into your browser.
Always keep a track of what devices have access to
your accounts, and utilize any available service that will notify you when a
new login occurs.
Furthermore, workers shouldn’t risk leaving
themselves vulnerable by posting potentially sensitive information on social
media.
For more on how to keep your organization safe from
cybercrime, and boost cybersecurity knowledge among your employees, check out ESET’s free
Cybersecurity Awareness Training.